My laptop is configured with a wireless key ( for a WPA2 network) stored by the Intel PRO/Wireless application. How can recover that key ?

WirelessKeyView can be used to recover keys stored by the Windows service, and it cannot recover the key stored by the Intel PRO/Wireless application ( just tested). Any other application which can recover the key ?

It looks like there may not be. Is there an option in the intel software to make the key exportable? In my searching, some versions have that option. Are you not able to get into the router to check the settings from that machine also?
–
JNKSep 8 '10 at 14:49

@JNK Am afraid I can't get into the router. Let me check for the option in the application.
–
Sathya♦Sep 8 '10 at 14:53

@JNK There's an option available to export the profile, not the key but exporting the profile won't help me.
–
Sathya♦Sep 8 '10 at 15:03

Yeah the profile is only usable in that intel app, so you would be stuck in a recursion loop there :) I hate to say it but there may not be a way. You can MAYBE find out where the intel app stores it's data, then use a hex editor to check the files for likely keys.
–
JNKSep 8 '10 at 15:18

@JNK Thanks. I'll try searching, meanwhile you can post your comment as an answer - if there's no other way I'll accept it.
–
Sathya♦Sep 8 '10 at 16:35

4 Answers
4

Yeah the profile is only usable in
that intel app, so you would be stuck
in a recursion loop there :) I hate to
say it but there may not be a way. You
can MAYBE find out where the intel app
stores it's data, then use a hex
editor to check the files for likely
keys.

I tried it on proset 11.5.0.0
It did not work.
There was a code but it was encrypted.
But i found a solution.
Follow previous instructions.
When you find the key (its encrypted but you now this is the one).
I found it on address 0012DE68. Had to scroll down 2 pages.
Set a breakpoint on that address (breakpoint on access).
Go back to proset and klick OK.
Cheatengine stops the program execution.
Go to cheatengine and scroll back to address 0012AA30.
There i found the key in plain text.
It was also found on address 00128CEC and 00129BF0.

First you must download Cheat Engine. It's free. Download, install it and start it.
then you must open Intel ProSet WiFi. Click on the Profiles button, select the profile you want, then click the Properties button.

Now you'll have a new window named "WiFi profile properties" opened up. Now click on "security settings" and at the right side you should see the asterisks covering up the password. Now the password should be decrypted in memory. Leave this window open!

Now go back to Cheat Engine. Click on the first icon, the one that says 'select a process to open', now scroll down and select the process associated to the password window, the one named 'PfWizard.exe" and click 'open'.

Now, change 'value type' to string and in the "Text" field above, enter the exact (case sensitive) name of the wireless profile, then click "First Scan".

On the left you'll see a generated list of memory addresses. Right click on the first address and select "Browse this memory region". A new window will appear. In this new window, on the bottom half, scroll down a few pages (4-5 pages) and you'll see the password in clear text.

If the password doesn't show up here, you can try to "Browse this memory region" for the other memory addresses in the list and scroll down in the memory map. Eventually you'll see it. The memory address may differ from computer to computer, OS to OS and proset version. So you'll have to do a bit of search yourself.

This was tested on XP 32bit running Intel ProSet 14.2.1.0. If Intel makes radical changes to ProSet, you can always export all your profiles, uninstall ProSet, install ProSet 14.2.1.0, import back your profiles and then use the method described above.